1. Field of the Invention
The present invention relates to technology for preventing fraud in credit/debit card payment systems.
2. Description of the Related Art
Previously, measures for preventing fraudulent use of credit cards in card transaction payment systems have included two methods: a credit check for the card used and cardholder validation.
Credit involves recognizing the validity of the card, for example, whether the credit card has been stolen or whether the credit limit has been exceeded. This procedure is usually carried out by sending card information, such as the credit card number, from a card transaction terminal located in the member store to a transaction authorization computer, which is a host computer at the credit card company, a merchant bank computer, or the like, referencing card information stored in a database within the transaction authorization computer, confirming the available credit line, etc., and determining whether the card can be used. When a credit card holder wants to use a credit card to pay for goods or services at a credit card member store (hereinafter “member store”), a credit check for the card is first carried out at the member store. Normally, a credit check proceeds by sending card information, such as the card number and expiration date, through a credit card transaction terminal (hereinafter “transaction terminal”) located in the member store to a settlement payment computer and requesting the credit check. When the transaction authorization computer receives the credit check request, the transaction authorization computer references the database to find out whether the pertinent credit card has been made unusable by being reported lost or stolen, and whether the credit limit for the card will be exceeded by the current transaction. The information regarding whether payment with the pertinent credit/debit card is allowed, based on the results of the check, is sent to the aforementioned card transaction terminal at the member store. Card information stored in the database includes, for example, the cardholder address, telephone number, birth date, registered PIN (Personal Identification Number), the credit limit, and the number of credit card transactions permitted within a specified period. When the transaction authorization computer reports the results of the credit check to the card transaction terminal at the member store, a transaction authorization code is issued. When the results of the credit check permit credit card payment, a credit card sales receipt, whereon the transaction authorization code is recorded, is issued by the card transaction terminal at the member store, and the card user validation process is performed.
The user validation process involves comparing the customer signature receipt with the signature previously inscribed on the credit card, by comparing the face of the card user with a photograph on the card for cards having photographs, or by checking the PIN input by the card user to the card transaction terminal against the PIN previously stored in the database of the transaction authorization computer. Measures for preventing fraudulent card usage in the conventional art include recording the loss of a card in the transaction authorization computer database when the cardholder loses his or her card, and performing a credit check with the transaction authorization computer every time the card is used to prevent fraudulent use by a person who found the card. In addition, performing a user validation procedure, such as PIN input every time the card is used for payment, makes it possible to deal with a situation where there is no information to prevent the use of a lost card.
In the above prior art, when a card is lost or stolen, the card user quickly contacts the credit company and adds “usage not allowed” to the card information in the database. As a result, when a third party tries to use the card, “usage not allowed” is determined in the credit check and can make it impossible to use that card. However, with the broad dissemination of various types of cards, such as credit cards, it is often the case that a single user has a plurality of cards and may not be immediately aware of the fact that a card is lost or stolen. Furthermore, all the cards possessed by a user may not carried, and it is often the case that discovery of the loss or theft of a card is delayed.
For most current credit cards, information such as the card number, card expiration date, user name, and so forth is printed on the surface of the credit card and is recorded on the magnetic tape affixed to the card. These credit cards and transaction authorization systems have the disadvantage that card information necessary for recognizing the card number, expiration date, cardholder, and cardholder signature is easily stolen from the card or terminal. Consequently, the cardholders and credit card companies face considerable liabilities because of card forgery or theft. For example, the method of recognizing a user by comparing the PIN input by the user to the PIN stored in the transaction authorization computer is a secure user validation method because, in theory, the PIN is information known only by the bona fide user of the credit card. However, cases have occurred wherein PINs have been stolen by modifying the card transaction terminal established in the member store and stealing and recording the PIN r input by a user when the card information is acquired. Thus, user validation technology using a PIN is not necessarily effective in preventing the illicit use of stolen or forged cards. The debit card payment system, a shopping service using cash transfer cards, has the same types of problems as the aforementioned credit cards with regard to security against the leakage of card information.
Related materials include the Japanese Patent Laid-open Nos. 2001-21789, 2001-175751, and 2001-134684.
Japanese Patent Laid-open No. 2001-21789 relates to encrypting a password or the like and inputting the password from the user terminal directly to a verification center in order to ensure security in transactions on the Internet. Japanese Patent Laid-open No. 2001-175751 relates to a dedicated terminal comprising a card reader used by a user in order to improve the security in credit processing for credit card payments in on-line shopping. Japanese Patent Laid-open Nos. 2001-21789 and 2001-175751 both relate to security in the payment of virtual transactions concluded by credit card and do not relate to security for credit card transactions concluded in an actual store. Japanese Patent Laid-open No. 2001-134684 makes it possible to use a cellular phone to purchase items from an automatic vending machine by specifying the user with the cellular phone user ID and having a credit card company provide payment. Japanese Patent Laid-open No. 2001-134684 is also not related to security for credit card transactions in an actual store.